Spotify ads hit by malware attack
By BBC News
Published: 2011-03-29 · Archived: 2026-04-05 23:06:10 UTC
Spotify has apologised to users after an advertisement containing a virus was displayed to some users of the
music-streaming service.
The advertisement, which appeared within Spotify's Windows desktop software, did not need to be clicked on in
order to infect a user's machine.
The exploit would install a bogus 'Windows Recovery' anti-virus program.
"Users with anti-virus software will have been protected," Spotify said in a statement.
"We quickly removed all third party display ads in order to protect users and ensure Spotify was safe to use.
"We sincerely apologise to any users affected. We'll continue working hard to ensure this does not happen again
and that our users enjoy Spotify securely and in confidence."
The vulnerability only affects users with free subscriptions.
Security research specialists Websense said it received the first report of "malvertising" on the service at
11:30GMT on 24 March, noting that it used the Blackhole Exploit Kit - a tool for hackers - to carry out the attack.
Malvertising is usually confined to content viewed through web browsers, but this instance was displayed within
the Spotify software itself for people with a free membership.
"The application will render the ad code and run it as if it were run inside a browser," explained Websense's Patrik
Runald in a blog post, external.
Source: https://www.bbc.com/news/technology-12891182
https://www.bbc.com/news/technology-12891182
Page 1 of 1